Computer users, particularly users without much technical expertise, often have configuration problems or usage questions that are difficult for a support professional or even just a friend or family member to diagnose and fix over the phone. Remote assistance provided over a network or Internet connection is an effective way for users to get the help they need and makes it easier and less costly for corporate helpdesks to assist their users. After receiving a request for remote assistance, the helper (e.g., helpdesk expert) can remotely connect to the problem computer, view its desktop screens, and temporarily take control of the computer by sending keyboard and mouse commands over the network connection.
Remote assistance has proven to be difficult to provide in the case where a remote user (i.e., the “helpee”) is behind a NAT (network address translator) firewall and the helper is inside a corporate network which is protected by an edge or perimeter type firewall. NAT firewalls are commonly used in small and/or home networks to remap IP (Internet Protocol) addresses of computers in the small network to a single IP address that is typically provided by an Internet gateway using a cable or DSL (digital subscriber line) connection, for example. The perimeter firewall is typically utilized to monitor traffic between the internal corporate network and a public network/Internet by inspecting incoming traffic for malware (i.e., malicious software such as viruses, trojan horses, rootkits, spyware, etc.). In addition, remote assistance may be difficult to implement when the helpee is inside a corporate network behind a firewall, and the helper is inside a different corporate network and also behind a firewall.
Current solutions to these problems include using an intermediary, such as a node on the Internet, where the helper and helpee meet to make a connection. While satisfactory in some situations, the Internet node is insecure, and typically requires the deployment of additional resources and often imposes scalability limitations due to the availability of such nodes. An alternative to the intermediary is for network administrators to open new incoming ports (in the case of the perimeter firewall) or map an incoming port to a specific computer in the network (in the case of the NAT firewall). However, network administrators are often hesitant to open or map ports since such actions are inherently insecure, and can result in significant risks to the security of the network or enterprise, which defeats the intended purpose of the firewalls.
This Background is provided to introduce a brief context for the Summary and Detailed Description that follow. This Background is not intended to be an aid in determining the scope of the claimed subject matter nor be viewed as limiting the claimed subject matter to implementations that solve any or all of the disadvantages or problems presented above.